Do not leak path when not found.
parent
029e27dfb6
commit
4b3d99ccbe
|
@ -1061,7 +1061,7 @@ module Sinatra
|
||||||
if @app
|
if @app
|
||||||
forward
|
forward
|
||||||
else
|
else
|
||||||
raise NotFound, "#{request.request_method} #{request.path_info}"
|
raise NotFound
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
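Review bot: The bare `raise NotFound` in the `else` branch has no comment saying why the request method and path were dropped from the message, so a later change could restore them for debugging. Judging by the test updated in the same commit, the exception message appears to have been used as the 404 body, which would have sent `request.path_info` back to the client unescaped. I would add `# No message on purpose: it may be rendered as the 404 body, so never echo request data here.` above the raise. If the method and path are still wanted for diagnosis, they belong in a server-side log, not in the exception text. The enclosing method begins outside the hunk.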
@ -81,10 +81,10 @@ class StaticTest < Minitest::Test
|
||||||
assert not_found?
|
assert not_found?
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'path is escaped in 404 error pages' do
|
it 'there is no path is 404 error pages' do
|
||||||
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
|
env = Rack::MockRequest.env_for("/dummy").tap { |env| env["PATH_INFO"] = "/<script>" }
|
||||||
_, _, body = @app.call(env)
|
_, _, body = @app.call(env)
|
||||||
assert_equal(["GET /<script>"], body, "Unexpected response content.")
|
assert_equal(["<h1>Not Found</h1>"], body, "Unexpected response content.")
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'serves files when .. path traverses within public directory' do
|
it 'serves files when .. path traverses within public directory' do
|
||||||
|
|
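Review bot: The test description `'there is no path is 404 error pages'` has a typo and reads awkwardly; `it 'does not include the path in 404 error pages' do` states the intent. The assertion pins the exact default markup, so it would also fail on a harmless wording change to the 404 page. Adding `refute_includes body.join, "<script>"` would keep the property under test explicit. The status is discarded by `_, _, body`, so the test does not confirm that the response is a 404.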